What does someone do in order to produce these log messages?
Is it someone trying a UDP exploit? Or just someone with
a misconfigured system/application on my cable-modem (eth0)
network? (slink ipmasq'd firewall/router; eth1 internal LAN)
Oct 6 23:17:50 www kernel: IP fw-in deny eth0 UDP
On Sun, 25 Apr 1999, John C. Ellingboe wrote:
Quoting Paul Tod Rieger [EMAIL PROTECTED]:
Are there any web-enabled apps that would allow me to monitor my server
from a web browser on another machine? My firewall is also a webserver,
so I'd like to use that capability to check the
Quoting Paul Tod Rieger [EMAIL PROTECTED]:
Are there any web-enabled apps that would allow me to monitor my server
from a web browser on another machine? My firewall is also a webserver,
so I'd like to use that capability to check the console and other logs.
I'm working on a web based fw
On Thu, Apr 22, 1999 at 08:00:00PM -0400, Paul Tod Rieger wrote:
Just to be clearer, the typical message looks like:
kernel: IP fw-in deny eth0 UDP 192.168.4.1:68 255.255.255.255:67 L=328
S=0x00 I=53838 F=0x T=128
Everytime I connect to inet through Infovia plus (Spain) I got
, Manel Marin wrote:
On Thu, Apr 22, 1999 at 08:00:00PM -0400, Paul Tod Rieger wrote:
Just to be clearer, the typical message looks like:
kernel: IP fw-in deny eth0 UDP 192.168.4.1:68 255.255.255.255:67 L=328
S=0x00 I=53838 F=0x T=128
Everytime I connect to inet through Infovia
On Thu, 22 Apr 1999, Paul Tod Rieger wrote:
OK, so just because I see eth0 and 192.168.4.1 (eth1) in the message
doesn't mean the problem is on the firewall: it's likely coming from
another device on the eth1 LAN.
On Thu, 22 Apr 1999, John Kramer wrote:
eth0 is your internal lan, right?
If you're in a really mean mood, you can put your neighbor behind your
masqueraded firewall and log all her activity. To do this, set up an alias
eth0:1 as 192.168.127.1 (or any other convenient reserved network not used
by yourself). Allow masquerading from this network. Set up dhcpd to
address), it seems unlikely that it came from eth0.
Just to be clearer, the typical message looks like:
kernel: IP fw-in deny eth0 UDP 192.168.4.1:68 255.255.255.255:67 L=328
S=0x00 I=53838 F=0x T=128
eth0 is the NIC to my cable modem.
192.168.4.1 is the NIC to my LAN (eth1) -- whether it's
On Thu, 22 Apr 1999, Robert de Forest wrote:
If your cable modem is as simple as a hub you could probably snoop people's
traffic without assigning them an IP. I think this is something a lot of
people are going to be unaware of, and it's going to be a big security
hole.
Yikes. I figured it
I've been finding messages like this in my console:
kernel: IP fw-in deny eth0 UDP 192.168.4.1:68 255.255.255.255:67 L=328
S=0x00 I=53838 F=0x T=128
They'll come in bunches, with only the value for I= changing.
eth0 is the NIC to my cable modem, and 192.168.4.1 is the NIC to my
LAN
kernel: IP fw-in deny eth0 UDP 192.168.4.1:68 255.255.255.255:67 L=328
S=0x00 I=53838 F=0x T=128
Looks like DHCP.
eth0 is the NIC to my cable modem, and 192.168.4.1 is the NIC to my
LAN. The machine is an IPmasq firewall (and server in general).
I guess that somewhere on your LAN
Cable modems work like a lan. The local neighborhood is an enthernet
segment. Someone else in your neighborhood is mis-configured. Good thing
you have a linux firewall!
[Charset iso-8859-1 unsupported, filtering to ASCII...]
kernel: IP fw-in deny eth0 UDP 192.168.4.1:68 255.255.255.255:67 L=328
OK, so just because I see eth0 and 192.168.4.1 (eth1) in the message
doesn't mean the problem is on the firewall: it's likely coming from
another device on the eth1 LAN.
I figure it's the $5 combo card on the w98 box, so I've reconfigured it
to use 10Base2 media instead of auto-sensing, the
On Thu, 22 Apr 1999, Paul Tod Rieger wrote:
OK, so just because I see eth0 and 192.168.4.1 (eth1) in the message
doesn't mean the problem is on the firewall: it's likely coming from
another device on the eth1 LAN.
eth0 is your internal lan, right? Or is eth1 connected to your lan?
I
14 matches
Mail list logo